The trick is create a specific user account in each container, and assign a userid for that account (and obviously run the command with that account).
On the host, we would use setquota to limit this userid.